Are checksums available for lighttpd. I'm working on a Federal Compliance initiative, and there is a requirement to ensure that the integrity of production files and modules can be verified.
The project is mirrored to github. https://github.com/lighttpd/lighttpd1.4/
There are tags for releases, and these tags reference git commits. The git commit is itself a SHA-1 checksum, strong than MD5. While there could be stronger guarantees provided by signed releases, will the git checksum currently available satisfy your needs?